AzureCloud-Demo/code-scanning
Source code scanning

PREREQUISITE

Create Repository Secrets

  • REGISTRY_LOGIN_SERVER
  • REGISTRY_USERNAME
  • REGISTRY_PASSWORD

  1. Log in to the Azure portal.

(Screenshot: Azure portal)

  2. Select Azure Cloud Shell.

(Screenshot)

  3. First command to log in to ACR. Resolve the resource group and its ID:

    # pick the first resource group located in eastasia and look up its full resource ID
    export RESOURCE_GROUP="$(az group list --query "[?location=='eastasia']" | jq -r '.[0].name')"

    groupId=$(az group show \
      --name ${RESOURCE_GROUP} \
      --query id --output tsv)

  4. Second command to log in to ACR: create the service principal. (Copy clientId and clientSecret; see step 7 for details.)

    # the JSON printed by --sdk-auth contains clientId and clientSecret;
    # these become the REGISTRY_USERNAME and REGISTRY_PASSWORD secrets
    az ad sp create-for-rbac \
      --scope $groupId \
      --role Contributor \
      --sdk-auth

(Screenshot)

  5. Third command to log in to ACR. Please change to your registry name from step 4.

    # lists every registry name in the subscription; if you have more than one,
    # set REPO_NAME to the registry you want explicitly
    export REPO_NAME="$(az acr list | jq -r '.[].name')"
    registryId=$(az acr show \
      --name ${REPO_NAME} \
      --query id --output tsv)

  6. Fourth command to log in to ACR. Please change to your clientId or app id from step 4, and keep the result.

    # replace <ClientId> with the clientId from step 4; AcrPush is scoped to the registry only
    az role assignment create \
      --assignee <ClientId> \
      --scope $registryId \
      --role AcrPush

(Screenshot)

  7. Get REGISTRY_LOGIN_SERVER:

    az acr list | jq -r '.[].loginServer'

  8. Create the GitHub repo.

In the GitHub UI, navigate to your forked repository, select Settings > Secrets > Actions, and then select New repository secret to add the three secrets listed under PREREQUISITE: REGISTRY_LOGIN_SERVER, REGISTRY_USERNAME and REGISTRY_PASSWORD.

Reference : https://docs.microsoft.com/en-us/azure/container-instances/container-instances-github-action


Exercise 1

Set up basic CodeQL

  1. In the GitHub repository, go to Security > Code scanning.
  2. Click Configure CodeQL alerts.
  3. (Optional) GitHub populates a basic CodeQL workflow; adjust it as needed and then commit it.

Exercise 2

Integrate with an existing workflow

  1. In .github/workflows/build-workflow.yml add the CodeQL job between unittest and containerized:

    sourcecode-scanning:
        name: Scan source code with CodeQL
        runs-on: ubuntu-latest
        # required for the analyze step to upload results when the
        # workflow token defaults to read-only permissions
        permissions:
          contents: read
          security-events: write
        strategy:
          matrix:
            language: ['csharp']
        steps:
          - name: Checkout repository
            uses: actions/checkout@v3
          - name: Initialize CodeQL
            uses: github/codeql-action/init@v2
            with:
              languages: ${{ matrix.language }}

          - name: Autobuild
            uses: github/codeql-action/autobuild@v2

          - name: Perform CodeQL Analysis
            uses: github/codeql-action/analyze@v2
            with:
              category: "/language:${{ matrix.language }}"

  2. Commit and push the code and watch how the workflow runs.
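As an added example (not a file from this repository), here is how a complete build-workflow.yml could look once the job is wired in: `needs` orders unittest, the CodeQL scan and the container build, the workflow grants `security-events: write` so the analyze step can upload its results, and the containerized job logs in to ACR with the three repository secrets from the prerequisite. The `dotnet test` step and the image name `app` are placeholders for the repo's real test and build steps.

```yaml
name: build-workflow
on:
  push:
    branches: [ main ]

permissions:
  contents: read
  security-events: write   # lets analyze upload results when the token is read-only by default

jobs:
  unittest:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run unit tests
        run: dotnet test       # placeholder for the repo's existing test step

  sourcecode-scanning:
    name: Scan source code with CodeQL
    needs: unittest            # scan runs only after the tests pass
    runs-on: ubuntu-latest
    strategy:
      matrix:
        language: ['csharp']
    steps:
      - uses: actions/checkout@v3
      - uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}
      - uses: github/codeql-action/autobuild@v2
      - uses: github/codeql-action/analyze@v2
        with:
          category: "/language:${{ matrix.language }}"

  containerized:
    needs: sourcecode-scanning   # image is built and pushed only if the scan job succeeded
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Log in to ACR with the repository secrets
        uses: azure/docker-login@v1
        with:
          login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - name: Build and push image (placeholder image name "app")
        run: |
          docker build . -t ${{ secrets.REGISTRY_LOGIN_SERVER }}/app:${{ github.sha }}
          docker push ${{ secrets.REGISTRY_LOGIN_SERVER }}/app:${{ github.sha }}
```

Note that the analyze step reports findings as alerts under Security > Code scanning and does not fail the job on its own, so `needs` only guarantees the scan completed, not that it found nothing.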
